Hotel break-ins blamed on flaw in keycard system

Back in August, I blogged about a presentation at Black Hat, where a security researcher named Cody Brocious presented a paper on a vulnerability in hotel-door locks made by Onity, showing a method for opening many hotel-room locks with a simple, Arduino-based device.

Now comes the first reported case of a hotel-room break in using this technology "in the wild." A Hyatt in Houston's Galleria district was broken into using this method, according to the hotel, which had not replaced its locks even though it knew about the vulnerability.

In a statement sent to me, a White Lodging spokesperson says the company became aware of the vulnerability in its Onity locks in August, based on reading one of the stories I wrote about Brocious’s lock-hacking technique over the summer. But White Lodging says Onity only implemented a fix for that flaw in its locks after the September break-ins at the Houston Hyatt, around two months after I first alerted Onity to Brocious’s work.

Following those September incidents, White Lodging resorted to plugging the port at the bottom of its Onity locks with “epoxy putty,” according to the letter it sent to guests at its Houston location. The hotel company says it’s now working with Onity to put a more permanent solution in place, either plugging the locks’ ports or replacing their circuit board at every location it manages. “We sincerely regret that these thefts occurred, and hope that measures we have taken satisfy your concerns,” reads the letter to guests from White Lodging vice president Thomas Riegelman.

I thought part of the original report was that the ports were on the inside of the door/lock set, not externally available. Putting a programming port for a lock on the outside of the lock just seems like asking for trouble…